TY - JOUR
T1 - IoT Device Identification Techniques
T2 - A Comparative Analysis for Security Practitioners
AU - Andrews, Ash
AU - Oikonomou, George
AU - Armour, Simon M D
AU - Thomas, Paul
AU - Cattermole, Thomas
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2025/5/9
Y1 - 2025/5/9
N2 - As the Internet of Things (IoT) continues to grow, networks are increasingly at risk from vulnerable devices that allow access to attackers. Two particular threats are posed by rogue devices (i.e. devices present on a network that should not be) and unpatched devices (devices with out-of-date software or firmware). A growing body of research attempts to address these risks: automated IoT device identification. By using methods to quickly and easily identify IoT devices on a network, vulnerable devices can be identified, improving network security. Although there have been publications that survey this research, they are typically broad, discussing IoT device identification only in passing, and do not provide a methodology to clearly compare existing (or future) research. Our novel approach in this paper is to provide a simple methodology for assessing and comparing research into IoT device identification, bypassing the need to delve into granular details such as specific algorithmic choices or feature selections, which are attributes not all papers have, and instead to focus on common attributes shared across papers. We provide a comprehensive literature review for the topic of identifying IoT devices in networks using passive network traffic, resulting in 69 publications examined. We systematically analyse the literature for key elements common across the studies that can allow a comparative analysis, and define five we determine to be most important. We state why these five elements in particular are important, and discuss trends in these elements across the studies. We then produce a summary table containing just the information for the five elements for each study, and how they can be used to understand and compare techniques, considering their context. This gives security professionals and researchers the necessary tools to compare studies, both current and future, to understand how to secure their networks and what they must consider when completing further research.
AB - As the Internet of Things (IoT) continues to grow, networks are increasingly at risk from vulnerable devices that allow access to attackers. Two particular threats are posed by rogue devices (i.e. devices present on a network that should not be) and unpatched devices (devices with out-of-date software or firmware). A growing body of research attempts to address these risks: automated IoT device identification. By using methods to quickly and easily identify IoT devices on a network, vulnerable devices can be identified, improving network security. Although there have been publications that survey this research, they are typically broad, discussing IoT device identification only in passing, and do not provide a methodology to clearly compare existing (or future) research. Our novel approach in this paper is to provide a simple methodology for assessing and comparing research into IoT device identification, bypassing the need to delve into granular details such as specific algorithmic choices or feature selections, which are attributes not all papers have, and instead to focus on common attributes shared across papers. We provide a comprehensive literature review for the topic of identifying IoT devices in networks using passive network traffic, resulting in 69 publications examined. We systematically analyse the literature for key elements common across the studies that can allow a comparative analysis, and define five we determine to be most important. We state why these five elements in particular are important, and discuss trends in these elements across the studies. We then produce a summary table containing just the information for the five elements for each study, and how they can be used to understand and compare techniques, considering their context. This gives security professionals and researchers the necessary tools to compare studies, both current and future, to understand how to secure their networks and what they must consider when completing further research.
U2 - 10.1109/ACCESS.2025.3568673
DO - 10.1109/ACCESS.2025.3568673
M3 - Article (Academic Journal)
SN - 2169-3536
VL - 13
SP - 82610
EP - 82620
JO - IEEE Access
JF - IEEE Access
ER -